Jennifer Stoddart, the Privacy Commissioner of Canada, has decided that Bell Canada must clearly tell its customers that it is collecting information for the purposes of traffic shaping. Bell states that they only collects the IP information of its subscribers’ routers or computers and, although these dynamic IP addresses can’t identify individuals, they can, however, be traced to a user’s ID. Stoddard concluded IP addresses are personal information, and therefore the telco could do a better job of explaining what it does.

From the article:

The final decision came this week from commissioner Jennifer Stoddart, who in April found that the telco’s public explanations of its use of deep packet inspection technology (DPI) to slow traffic of some Internet subscribers doesn’t comply with its obligations under the federal privacy law, PIPEDA.

In April Stoddart ruled Bell has to clarify its written agreements with subscribers, that it integrate its privacy and traffic management practices better on its written and Web pages, findings she upheld. This week’s ruling says the commission is giving Bell 30 days to comply with changes to three specific documents.

The use of DPI has spawned much controversy, as evidenced by the ongoing CRTC hearing. Included in her findings, Stoddart also wrote this: “It is relatively easy to paint a picture of a network where DPI, unchecked, could be used to monitor the activities of its users. It is rarer to dispassionately examine a specific implementation of DPI on a network.

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private-sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA was passed in the late 1990s to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens.

The full itWorldCanada article can be found here: http://www.itworldcanada.com/a/Security/f8c8388d-1425-4e20-b1d9-c025c9318a4e.html

More information about PIPEDA can be found here: http://www.priv.gc.ca/legislation/02_06_01_e.cfm